1. Field of the Invention
The present invention relates to a cryptographic module selecting device and program for selecting a cryptographic scheme for encrypting and signing electronic data.
2. Description of the Related Art
In the present highly information-oriented society, a cryptographic technology is employed as a basic technology for assuring security of information.
The cryptographic technology is roughly classified into the categories of common-key cryptosystem, public-key cryptosystem, hash function, random number, and the like. In each category, various cryptographic methods have been developed. Each cryptographic method has particular features. Therefore, it is desired to select an appropriate cryptographic method depending on the circumstances by considering the features of the cryptographic methods.
When changing the encrypting method, a technology for reflecting the changed cryptographic method in the system is disclosed, for example, in Jpn. Pat. Appln. KOKAI Publication No. 2002-281018.
One of the guidelines for selecting the cryptographic method is shown, for example, in CRYPTREC, e-government recommended cipher list (URL: http://www.soumu.go.jp/joho_tsusin/security/pdf/cryptre c—01.pdf). When selecting a common-key cryptosystem, for example, knowledge of the content of the document concerning selection/design/evaluation of common-key block cipher, written by the Communication and Broadcasting Organization (URL: http://www2.nict.go.jp/tao/kenkyu/yokohama/guidebook.pdf), is advised.
However, the e-government recommended cipher list shows sets of cryptographic methods generally used, but does not always show the optimum cryptographic method according to the circumstances.
To select a common-key cryptographic method, professional knowledge is needed because it is selected through an understanding of, for example, the document concerning selection/design/evaluation.
Also, by finding a novel attacking method of an existing cryptographic method, it may be required to modify the existing cryptographic method to provide a new cryptographic method.
Further, in one cryptographic method, a plurality of cryptographic modules mutually different in the implementing manner may exist. Hence, depending on the implementing manner, the speed of the cryptographic module or the consumption amount of resources may be different. Accordingly, depending on the circumstances, it may be needed to change a current cryptographic module to a different cryptographic module of the same cryptographic method.
In any case, when changing over the cryptographic modules, it is proposed to distribute a cryptographic module for executing a new cryptographic method to the corresponding device to update the cryptographic module (see, for example, Jpn. Pat. Appln. KOKAI Publication No. 2002-281018). However, in Jpn. Pat. Appln. KOKAI Publication No. 2002-281018, optimum selection of cryptographic module is not suggested.
Thus, conventionally, the cryptographic module is used as a fixed one, and when changing over the cryptographic modules, professional knowledge is needed to select the optimum cryptographic module that suits the circumstances.